Re: [Declude.JunkMail] Spam lists
Except you will never know how a test will work in your environment without trying it. What works for one person in their environment may not work for someone else, and vise versa. I guess that's the beauty of a weighted system like Declude. Also, because you can try different tests without causing any problems by simply using the LOG and/or IGNORE actions, there should be no hesitation to see how a particular test will work in your environment. If the results looks good, change the action to WARN, and if not, remove the test, all the while you have not negatively impacted your mail flow in any way during your testing. Again, just my two cents... Bill - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 8:55 AM Subject: RE: [Declude.JunkMail] Spam lists Very true, Bill. I just tend to be very careful about making changes. Usually adding one test at a time. Also, good feedback tends to keep me from reinventing the wheel. If I was told from this list that a test had high false positives, I would avoid the test or weigh it low. Just plunging ahead is something I do from time to time but is not my preferred course. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, September 25, 2003 5:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Spam lists Everybody's experiences with spam test, including DNS based tests, are going to be different. Why be so hesitant to try a test to see how it works for you. Simply setup the test in your global.cfg and set the action to IGNORE or LOG, that way you can evaluate the test results without impacting your customers or your e-mail flow. Bill - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 4:38 PM Subject: RE: [Declude.JunkMail] Spam lists John: You actually are using some I was not so thanks for posting that. About the only one that I am using that you are not is NJABL (see entry below). It does not catch very many per day - about the same amount as ORDB. NJABL ip4r dnsbl.njabl.org 127.0.0.2 5 0 I have been toying with testing Reynolds. But have not gotten any feedback. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Thursday, September 25, 2003 12:05 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam lists With the loss in the last month of several spam lists, I am reviewing what I have been using. This is the current list. Any recommendations on additions? DSBL ip4r list.dsbl.org * 6 0 ORDB ip4r relays.ordb.org * 2 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 15 0 EASYNET-DNSBL ip4r blackholes.easynet.nl 127.0.0.2 7 0 EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl 127.0.0.2 7 0 BLITZEDALL ip4r opm.blitzed.org * 7 0 SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 50 SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 50 SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 50 SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 50 SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 50 SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 50 SORBS-DUL ip4r dnsbl.sorbs.net 127.0.0.10 50 SORBS-NOMAIL ip4r dnsbl.sorbs.net 127.0.0.12 50 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 10 0 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 3 0 NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 7 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 10 0 DNSFRAUD rhsbl in.dnsbl.org 127.0.0.3 10 0 DNSILLEGAL rhsbl in.dnsbl.org 127.0.0.5 10 0 DNSPROMO rhsbl in.dnsbl.org 127.0.0.4 10 0 John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The
RE: [Declude.JunkMail] Spam lists
Also, because you can try different tests without causing any problems by simply using the LOG and/or IGNORE actions, there should be no hesitation to see how a particular test will work in your environment. I agree.. What we always do is add the test with a weight of Zero and use the WARN action to simply watch the headers and see how the test behaves. After a week or so of watching the spam then we simply add a weight between 1-5 depending on the response we see. In time change the weight to what makes sense.. Every test we have done has started with a weight of Zero and WARN action. Just some thought.. Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spam review
Can you give me the syntax for that? - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 12:37 PM Subject: RE: [Declude.JunkMail] spam review How do I get the Weight: to show? Andy, It's not the answer but maybe this will also work for you. I've configured Declude to add the weight to the subject-line from a certain weight on. WEIGHT75 SUBJECT [spam%WEIGHT%] We hold on 100 and can now see immediatly the weight and also sort by this weight. This makes it much easier to search for FP's because our experience shows that all messages above 200 points can be deleted without any further control. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam lists
Darrell, Does DLA also do Imail log files? I would love to have a program that can email me a summary every day and then a larger report text file I can look at if needed. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
Three Web sites that provide spam-blocking lists have been forced offline as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails. These lists that we all have come to love, could be made available via FTP and we can host them on our own servers... Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
You would have to download the lists quite often to stay current, and they are rather large. And if the site is being DDoSed, and it cannot even respond to regular DNS queries, how are you going to be able to connect to download the updates? Bill - Original Message - From: Sheldon Koehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:50 AM Subject: Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists Three Web sites that provide spam-blocking lists have been forced offline as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails. These lists that we all have come to love, could be made available via FTP and we can host them on our own servers... Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
I get the Sniffer updates several times per day. And if it was a CNAME and not an IP, it could be changed. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! He who sends a message by the hand of a fool Cuts off his own feet and drinks violence. -- Proverbs 26:6 - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 11:00 AM Subject: Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists You would have to download the lists quite often to stay current, and they are rather large. And if the site is being DDoSed, and it cannot even respond to regular DNS queries, how are you going to be able to connect to download the updates? Bill - Original Message - From: Sheldon Koehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:50 AM Subject: Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists Three Web sites that provide spam-blocking lists have been forced offline as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails. These lists that we all have come to love, could be made available via FTP and we can host them on our own servers... Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spam review
Can you give me the syntax for that? Assuming you have configured 2 weight tests like WEIGHT10 WEIGHT20 in your global.cfg file and you want to hold on 20 points: Set the two actions WEIGHT10 SUBJECT [spam%WEIGHT%] WEIGHT20 HOLD in your $default$.junkmail file. (Note the space after the ] !) This will add a [spamXX] to the subject line of every message collecting at least 10 points. Any massage above 20 points will be moved to the hold folder. Now you can list all hold messages with spam review and see the weight of every message in the subject-column. Hope this helps Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
DNS blacklist databases are very much larger than the Sniffer rule set files. Bill - Original Message - From: Sheldon Koehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 11:14 AM Subject: Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists I get the Sniffer updates several times per day. And if it was a CNAME and not an IP, it could be changed. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! He who sends a message by the hand of a fool Cuts off his own feet and drinks violence. -- Proverbs 26:6 - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 11:00 AM Subject: Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists You would have to download the lists quite often to stay current, and they are rather large. And if the site is being DDoSed, and it cannot even respond to regular DNS queries, how are you going to be able to connect to download the updates? Bill - Original Message - From: Sheldon Koehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:50 AM Subject: Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists Three Web sites that provide spam-blocking lists have been forced offline as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails. These lists that we all have come to love, could be made available via FTP and we can host them on our own servers... Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spam review
Yes, that part I already have. But I already have WEIGHT10 HOLD and WEIGHT20 DELETE What is the syntax for getting the weight in the subject line? thanks, andy - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 2:08 PM Subject: RE: [Declude.JunkMail] spam review Can you give me the syntax for that? Assuming you have configured 2 weight tests like WEIGHT10 WEIGHT20 in your global.cfg file and you want to hold on 20 points: Set the two actions WEIGHT10 SUBJECT [spam%WEIGHT%] WEIGHT20 HOLD in your $default$.junkmail file. (Note the space after the ] !) This will add a [spamXX] to the subject line of every message collecting at least 10 points. Any massage above 20 points will be moved to the hold folder. Now you can list all hold messages with spam review and see the weight of every message in the subject-column. Hope this helps Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
DNS blacklist databases are very much larger than the Sniffer rule set files. OK, bad idea... Sheldon --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
These lists that we all have come to love, could be made available via FTP and we can host them on our own servers... You would have to download the lists quite often to stay current, and they are rather large. And if the site is being DDoSed, and it cannot even respond to regular DNS queries, how are you going to be able to connect to download the updates? I think it's a good idea to share such tables. (If the blacklist maintainer agree to share his entire knowledge) Regarding updates the file sizes should be much lower if they contain only the changed values. Something like +123.123.123.123 -122.122.122.122 ... Then it's also a question huw much traffic creates the [your_processed_messages] x [your_ip4r+rbls_tests] DNS-lookups any day. My opinion about sharing tecnologies: It's a little bit programming work but why not use P2P tecnologies to search for special signed file names containing the update for a certain day? If this file is signed with a digital certificate it should be save to run such a update over P2P in automatic mode. The maintainer of this list can work from everywhere arround the world. He must only put the daily updates in the P2P network. Spammers shouldn't have any advantage from such public blacklists because they are already able to check DNS based blacklists if the IP they use currently to send out spam is blacklisted somewhere. Maybe daily updates are to slow for effective spam filtering and also hourly updates would ask some changes on the local anti spam filters (for example a queue-wait for suspiciuos messages) On the other side such shared blacklists can contain also additional data like a relative weight about any listed IP to indicate not only yes or no but also maybe yes, for shure! and so on. I preffer also to have a clear defined maintainer that follows his rules to maintain a certain list. Something like a open-blacklist can be a little bit difficult because it's not clear who can add or delete IPs. Have a nice weekend! Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
DNS blacklist databases are very much larger than the Sniffer rule set files. A textfile containing only IP-Addresses can by zipped down to around 1/3 of his size. A file containing 200 Ips has an original size of 3,1 kB The zipped file has 1,1 kB (Probably the zip algoritmus will work bether for larger files because there are more equal 3-digit-strings.) Multiplicating it by 100.000 assuming a blacklist containing 20 million bad IPs would create a 110 MB file. But this 20 million IP's are a initial value. I have no exact idea but I assume there should be something between 1000 and 1 new/removed IPs per day. If my theory has no errors we can expect daily updates between 0,5 and 5,5 MB. That shouldn't be a problem. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Sender Permitted From (SPF)
What do people think of this proposed solution to spam: Sender Permitted From (SPF)? You can find out more about it at: http://spf.pobox.com/howithelps.html Sounds like it could be an effective tool against spam, although there would need to be mass adoption in order for it to be of much use. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Attacks prompt shutdown of antispam lists lists
It wouldn't make sense to repeatedly download what was essentially the same list with small changes. It would make much more sense to have one large file to download once, followed by a distribution of small diff files to apply to the main file, containing any additions/deletions since the previous diff file. If this was done in a distributed way, almost like DNS, where anyone could get it from anyone else, there would simply be too many systems running it to make it possible to kill it via DDOS. At 02:52 PM 9/26/2003, Markus Gufler wrote: DNS blacklist databases are very much larger than the Sniffer rule set files. A textfile containing only IP-Addresses can by zipped down to around 1/3 of his size. A file containing 200 Ips has an original size of 3,1 kB The zipped file has 1,1 kB (Probably the zip algoritmus will work bether for larger files because there are more equal 3-digit-strings.) Multiplicating it by 100.000 assuming a blacklist containing 20 million bad IPs would create a 110 MB file. But this 20 million IP's are a initial value. I have no exact idea but I assume there should be something between 1000 and 1 new/removed IPs per day. If my theory has no errors we can expect daily updates between 0,5 and 5,5 MB. That shouldn't be a problem. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Attacks prompt shutdown of antispam lists
Multiply times the number of databases you want to use, times the number of times you would need to download them each day to stay current, times the number of people that want to download the files--have you got a spare OC-3 laying around...? Bill - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 26, 2003 11:52 AM Subject: RE: [Declude.JunkMail] Attacks prompt shutdown of antispam lists DNS blacklist databases are very much larger than the Sniffer rule set files. A textfile containing only IP-Addresses can by zipped down to around 1/3 of his size. A file containing 200 Ips has an original size of 3,1 kB The zipped file has 1,1 kB (Probably the zip algoritmus will work bether for larger files because there are more equal 3-digit-strings.) Multiplicating it by 100.000 assuming a blacklist containing 20 million bad IPs would create a 110 MB file. But this 20 million IP's are a initial value. I have no exact idea but I assume there should be something between 1000 and 1 new/removed IPs per day. If my theory has no errors we can expect daily updates between 0,5 and 5,5 MB. That shouldn't be a problem. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Foreign Characters and Declude
Don't know if any one asked this, but we are seeing a flurry of omlauted characters used in Subject fields: RE: üS Döctor appröved RX Prëscríptíon We are ring to filter on these, but Declude doesn't see to recognize them? That should trigger the NONENGLISH test (if you are using it). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Foreign Characters and Declude
Reply to: R. Scott Perry Re: [Declude.JunkMail] Foreign Characters and Declude on Friday 7:40:45 PM I want to enable foreign characters but filter on their exact words. It sounds like these character sets are not 'viewed' and filtered in Declude? -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com - Copy of Original Message(s): - Don't know if any one asked this, but we are seeing a flurry of omlauted characters used in Subject fields: RE: üS Döctor appröved RX Prëscríptíon We are ring to filter on these, but Declude doesn't see to recognize them? R That should trigger the NONENGLISH test (if you are using it). R -Scott R --- R Declude JunkMail: The advanced anti-spam solution for IMail mailservers. R Declude Virus: Catches known viruses and is the leader in mailserver R vulnerability detection. R Find out what you've been missing: Ask about our free 30-day evaluation. R --- R [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] R --- R This E-mail came from the Declude.JunkMail mailing list. To R unsubscribe, just send an E-mail to [EMAIL PROTECTED], and R type unsubscribe Declude.JunkMail. The archives can be found R at http://www.mail-archive.com. R -- R ActivatorMail(tm) ver.00922031 Scanned for all viruses by R www.activatormail.com intelligent anti-virus anti-spam service -- ActivatorMail(tm) ver.00922031 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT - publishing solution Was: Attacks prompt shutdown of antispam lists
At 07:25 PM 9/26/2003 -0400, you wrote: At 06:50 PM 09/26/2003, Pete McNeil wrote: At 02:30 PM 9/26/2003 -0700, you wrote: I've said it before, I'll say it again. It's time to leverage the power of the network agianst abuse on that same network. Pete, You are preaching to the choir ;) When will it be ready? Pedaling as fast as I can... Anybody know how to eliminate the need for sleep? From CNN: Stay-awake pill The maker of a pill that helps people stay awake hopes government regulators will OK wider use of the drug. CNN medical correspondent Dr. Sanjay Gupta spoke with CNNs Bill Hemmer about the pill. The drug is called Provigil and it's been around for some time now. Theres going to be an FDA advisory committee that's going to suggest that it be used for shift workers, for people who have obstructive sleep apnea -- that's people who have a breathing difficulty that keeps them up at night -- MS as well, and insomnia. I think what people are really rallying behind is the fact that [the drug] is not a stimulant. In fact, [theyre saying] the side effects are actually less than that of even caffeine. Wow - thanks. That said, here is a solution if somebody wants to pound it (I can't do it right now, sorry). I can lay out a quick architecture - it moves fast, keep up :-) Take a look at entropy. (http://entropy.stop1984.com/en/home.html). This is not perfect, but it exists and it's good enough to start with. The key piece of this technology is that it is a distributed file system - distributed meaning there is no single node to attack. This also means that it scales well because, presumably, anybody using the service would be operating as one of the nodes - so the load of all queries would be split/balanced among all of the participants. Segments of zone files can be stored into this distributed network with file names matching the first two octets of the IP... so, File MyFavoriteBL-216.88 would be a binary file containing say 64K bytes - represented by a two byte array address for the next two octets. A ( 0 ) byte means no result. A ( 2 ) byte means block this (analagous to 127.0.0.2). Any other values would be defined by the provider (in this case MyFavoriteBL). A non-existent file also means that the zone doesn't exist. (I know I'm using zone the wrong way - but it's a handy term for this work). Trouble is this: This is a publicly available file so if you can get to the key for the file you will/may be able to alter it. Spammers would simply hack up the files - useless. What to do. Solution: This is very much like rd work I've been doing on a secure, distributed database architecture - what is required is more than one key where each key is able to access the file (or file segment) with specific access rights. For this application there are only two key types required. If you access the data through one path (user key) then you have read-only access. If you access the data through the second path (admin key) then you have write access. The publisher then uses the admin key to publish their data from any accessible node on the 'net. Subscribers can only read. Next, publication with the admin key may not be performed at the source of the request. (This prevents hacking). Instead, write requests are handled by having a peer generate a random challenge - the challenge is added to he admin key by the source of the write request and the sha1 of that result (the access key) is added to the segments of the file that are sent to that peer. The access key is recalculated at the peer containing the data segment in question. If the access key matches then the write is performed. If not then the request is rejected. If more than some limit of rejections occurs then the requesting node is expelled from the network. There are two nearly identical file segments maintained in the file system. The read access segment is encrypted only with the read access key. The write segment is encoded with the write access key. When a write access segment is overwritten/created, the read segment is cloned from that segment. The read access key is encoded/replicated within the write access segment to facilitate this. The segments are encoded using an odd-even byte split, and encrypted with a convolution stream encryption (like Mangler (see Sniffer2 source)) with the key at the end of the segment so that it acts like a CRC - specifically, if a segment is altered (or read bad from a disc) then it will not be successfully decrypted - and a brute force attack requires that the entire segment be decrypted with each trial-key before validation can be achieved. --- I tried not to be too technical - hope this is enough to get the ball rolling. If a version of Entropy (or another similar p2p engine) can be modified to implement the above publish/subscribe protocols then we create an environment where a publisher can access a widely distributed network of peers maintained by the subscribers. The publisher can create the file and
RE: [Declude.JunkMail] Fwd: PERSONAL LETTER TO LEVITSKY JOSHUA
I'll go you one better. I got one in the real mail (from Spain, I am in the US). Says I won 650,000 in a lottery, all I need to do is fill in the official looking ppage of personal info, bank acct and emergency contacts so they can deposit it for me. Of course, I have to act fast or it all goes back to the bank holding it. K -Original Message- From: Joshua Levitsky Ok. This spam is scary. It has my actual home address and phone number. I'm guessing they cropped it from WHOIS maybe... but that wouldn't make sense since many WHOIS contacts are technical people that wouldn't fall for this. Anyone else get this variation of the typical financial fraud with your actual contact info? It is a little more disturbing. -Josh --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.